President Donald Trump announced on Friday that the Pentagon’s cyber warfare unit will be elevated, forming the US military’s tenth unified command. In a statement, he vowed to “strengthen our cyberspace operations and create more opportunities to improve our Nation’s defense.”
The long-awaited shift signals that US military operations in cyberspace are considered no less important than those carried out across physical theaters of war. It is also a sign of the Pentagon’s growing confidence in US Central Command (CYBERCOM), a unit established under Secretary of Defense Robert Gates in 2010.
Currently a sub-unified combatant command, CYBERCOM was created through the merging of two joint-task forces with separate goals: offensive cyberspace operations and Pentagon network defense.
The promotion also means that CYBERCOM is likely to spend more time sabotaging enemy networks and less time engaged in espionage, the latter of which has been an integral part of the unit’s operations, mostly due to its heavy reliance on the National Security Agency’s expertise. CYBERCOM currently falls under what’s called a “dual hat” command, meaning that while it is its own unit, its operations are overseen by the NSA’s director, currently Admiral Mike Rogers.
“United States Cyber Command’s elevation will also help streamline command and control of time-sensitive cyberspace operations by consolidating them under a single commander with authorities commensurate with the importance of such operations,” Trump said in a statement. “Elevation will also ensure that critical cyberspace operations are adequately funded.”
The White House said Friday that Secretary of Defense John Mattis is also “examining the possibility” of severing CYBERCOM from the NSA entirely, adding that Mattis “will announce recommendations on this matter at a later date.”
A provision of the 2017 National Defense Authorization Act (NDAA) will require both Mattis and the chairman of the Joint Chiefs of Staff, Marine Gen. Joseph Dunford, to certify before Congress that leaving the NSA’s supervision won’t undermine CYBERCOM’s capabilities.
Whether or not to end the “dual hat” command is a complex issue, but one that can be boiled down to a few central concerns: The first is whether CYBERCOM has matured to the point that it can lose its NSA training wheels. Can the unit carry out its duty effectively without relying on the vast vast knowledge, expertise, and resources the NSA provides?
The second central issue is whether CYBERCOM and NSA can actually operate independently of one another without compromising critical operations. After all, CYBERCOM’s mission is offensive. It is intended to utilize powerful cyberweapons to degrade and destroy the enemy’s systems. Conversely, the NSA’s role is to infiltrate, monitor and collect signals intelligence—telephone, internet, and other types of digital data.
If the enemy’s network can be infiltrated by the NSA’s hackers, but it is instead destroyed in a CYBERCOM attack, the NSA might lose a valuable intelligence gathering opportunity. And in this light, one commander who can prioritize mission objectives makes a lot of sense.
When a cyberattack is launched, whether successful or not, the enemy is likely to alter its behavior—a valuable cyberweapon may be rendered useless. Enemies like ISIS, which run sophisticated propaganda and recruiting operations in cyberspace, tend to bounce back quickly—meaning the effect of an attack may be fleeting. Momentarily disabling an ISIS website may be useful towards the US military’s own propaganda efforts—it should at least appear to be winning the cyber campaign—but it’s hardly worth the loss of a powerful exploit.
This means if the “dual hat” is taken off, NSA will be far less likely to share its most valuable exploits with CYBERCOM. And CYBERCOM will have to learn to get along without them.